AdNovum and Spitch are committed to the central role that solution security plays in customer-facing joint implementations and technical partnerships. In support of this commitment, the AdNovum Security Consulting Team, in cooperation with the Spitch technical team, recently executed a comprehensive penetration test against the Spitch conversational AI platform.

The primary aim of the tests was to detect security vulnerabilities that could be used by attackers to gain access to a deployed platform network. The AdNovum Security Consulting Team confirmed that the Spitch solutions exhibit a high commitment to security. At the same time, in their penetration testing report, the AdNovum team emphasized Spitch's exceptional level of cooperation, as well as its commitment to the immediate elimination of identified vulnerabilities. 

Stephan Fehlmann, Senior Business Development Manager at Spitch, commented on the positive outcome: “Of course we do everything we can to ensure that our solutions meet the highest possible security requirements. I am not aware of any case in which a vulnerability in one of our products would have enabled an attack. Nevertheless, of course we know that there is no such thing as absolute security. Such independent tests are of great help to us and help us to remain vigilant at all times and to keep the security of our solutions at the top level”.

Michel Sahli, Security Consultant at AdNovum, states: "There is no such thing as error-free and absolutely secure software. Accordingly, we always find smaller and larger problems that need to be resolved. This underlines the great importance of the penetration tests carried out by our team. The threat potential for our customers can only be minimized by means of such ongoing security checks. The high level of willingness to cooperate and the commitment of Spitch in protecting the solutions we use together make it immensely easier for us to guarantee our customers the highest possible level of security”.

Spitch adheres to business continuity and is fully compliant with all applicable IT security requirements for data protection by implementing and maintaining security instruments and controls in accordance with ISO 27001-2013 standards.  To ensure data protection, Spitch has adopted a set of internal PCI DSS (Payment Card Industry Data Security Standards), DPA (Swiss Federal Act on Data Protection) and GDPR (General Data protection Legislation of the European Union) as well as Internal IT Security guidelines for personnel and contractors, Information Security Policy and Risk Assessment Plan.

Please contact us if you require further information on the testing results or Spitch products.

AdNovum contact details: www.adnovum.ch